Merge branch 'master' into wip/win32-port2

kdc/config.c

@@ -356,11 +356,11 @@ configure(krb5_context context, int argc, char **argv)
 	if (config->pkinit_kdc_anchors == NULL)
 	    krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
 
-	_kdc_pk_initialize(context, config,
-			   config->pkinit_kdc_identity,
-			   config->pkinit_kdc_anchors,
-			   config->pkinit_kdc_cert_pool,
-			   config->pkinit_kdc_revoke);
+	krb5_kdc_pk_initialize(context, config,
+			       config->pkinit_kdc_identity,
+			       config->pkinit_kdc_anchors,
+			       config->pkinit_kdc_cert_pool,
+			       config->pkinit_kdc_revoke);
 
     }
     

kdc/connect.c

@@ -270,7 +270,7 @@ init_socket(krb5_context context,
     ret = krb5_addr2sockaddr (context, a, sa, &sa_size, port);
     if (ret) {
 	krb5_warn(context, ret, "krb5_addr2sockaddr");
-	closesocket(d->s);
+	rk_closesocket(d->s);
 	d->s = rk_INVALID_SOCKET;
 	return;
     }
@@ -299,7 +299,7 @@ init_socket(krb5_context context,
 
 	krb5_print_address (a, a_str, sizeof(a_str), &len);
 	krb5_warn(context, errno, "bind %s/%d", a_str, ntohs(port));
-	closesocket(d->s);
+	rk_closesocket(d->s);
 	d->s = rk_INVALID_SOCKET;
 	return;
     }
@@ -309,7 +309,7 @@ init_socket(krb5_context context,
 
 	krb5_print_address (a, a_str, sizeof(a_str), &len);
 	krb5_warn(context, errno, "listen %s/%d", a_str, ntohs(port));
-	closesocket(d->s);
+	rk_closesocket(d->s);
 	d->s = rk_INVALID_SOCKET;
 	return;
     }
@@ -489,7 +489,7 @@ handle_udp(krb5_context context,
     }
 
     d->sock_len = sizeof(d->__ss);
-    n = recvfrom(d->s, buf, max_request, 0, d->sa, &d->sock_len);
+    n = recvfrom(d->s, buf, max_request_udp, 0, d->sa, &d->sock_len);
     if(rk_IS_SOCKET_ERROR(n))
 	krb5_warn(context, rk_SOCK_ERRNO, "recvfrom");
     else {
@@ -525,7 +525,7 @@ clear_descr(struct descr *d)
 	memset(d->buf, 0, d->size);
     d->len = 0;
     if(d->s != rk_INVALID_SOCKET)
-	closesocket(d->s);
+	rk_closesocket(d->s);
     d->s = rk_INVALID_SOCKET;
 }
 
@@ -572,10 +572,10 @@ add_new_tcp (krb5_context context,
 	return;
     }
 
-#ifndef NO_LIMIT_FD_SETSIZE
+#ifdef FD_SETSIZE
     if (s >= FD_SETSIZE) {
 	krb5_warnx(context, "socket FD too large");
-	closesocket (s);
+	rk_closesocket (s);
 	return;
     }
 #endif
@@ -880,6 +880,7 @@ loop(krb5_context context,
 #ifndef NO_LIMIT_FD_SETSIZE
 		if(max_fd < d[i].s)
 		    max_fd = d[i].s;
+#ifdef FD_SETSIZE
 		if (max_fd >= FD_SETSIZE)
 		    krb5_errx(context, 1, "fd too large");
 #endif
@@ -923,7 +924,7 @@ loop(krb5_context context,
 	}
     }
     if (0);
-#ifndef NO_SIGXCPU
+#ifdef SIGXCPU
     else if(exit_flag == SIGXCPU)
 	kdc_log(context, config, 0, "CPU time limit exceeded");
 #endif

kdc/hpropd.c

@@ -50,7 +50,7 @@ struct getargs args[] = {
     { "database", 'd', arg_string, &database, "database", "file" },
     { "stdin",    'n', arg_flag, &from_stdin, "read from stdin" },
     { "print",	    0, arg_flag, &print_dump, "print dump to stdout" },
-#ifndef NO_INETD
+#ifdef SUPPORT_INETD
     { "inetd",	   'i',	arg_negative_flag,	&inetd_flag,
       "Not started from inetd" },
 #endif
@@ -79,7 +79,6 @@ main(int argc, char **argv)
     krb5_authenticator authent;
     krb5_keytab keytab;
     krb5_socket_t sock = rk_INVALID_SOCKET;
-    int close_socket = 0;
     HDB *db = NULL;
     int optidx = 0;
     char *tmp_db;
@@ -130,24 +129,21 @@ main(int argc, char **argv)
 	char *server;
 
 	sock = STDIN_FILENO;
-#ifndef NO_INETD
+#ifdef SUPPORT_INETD
 	if (inetd_flag == -1) {
 	    if (getpeername (sock, sa, &sin_len) < 0) {
 		inetd_flag = 0;
-		close_socket = 0;
 	    } else {
 		inetd_flag = 1;
-		close_socket = 0;
 	    }
 	}
-	if (!inetd_flag) {
+#else
+	inetd_flag = 0;
 #endif
+	if (!inetd_flag) {
 	    mini_inetd (krb5_getportbyname (context, "hprop", "tcp",
 					    HPROP_PORT), &sock);
-	    close_socket = 1;
-#ifndef NO_INETD
 	}
-#endif
 	sin_len = sizeof(ss);
 	if(getpeername(sock, sa, &sin_len) < 0)
 	    krb5_err(context, 1, errno, "getpeername");
@@ -281,8 +277,8 @@ main(int argc, char **argv)
     if (!print_dump)
 	krb5_log(context, fac, 0, "Received %d principals", nprincs);
 
-    if (close_socket)
-	closesocket(sock);
+    if (inetd_flag == 0)
+	rk_closesocket(sock);
 
     exit(0);
 }

kdc/kdc-replay.c

@@ -95,11 +95,11 @@ main(int argc, char **argv)
 	if (config->pkinit_kdc_anchors == NULL)
 	    krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
 
-	_kdc_pk_initialize(context, config,
-			   config->pkinit_kdc_identity,
-			   config->pkinit_kdc_anchors,
-			   config->pkinit_kdc_cert_pool,
-			   config->pkinit_kdc_revoke);
+	krb5_kdc_pk_initialize(context, config,
+			       config->pkinit_kdc_identity,
+			       config->pkinit_kdc_anchors,
+			       config->pkinit_kdc_cert_pool,
+			       config->pkinit_kdc_revoke);
 
     }
 

kdc/main.c

@@ -122,18 +122,22 @@ main(int argc, char **argv)
 
 	sigaction(SIGINT, &sa, NULL);
 	sigaction(SIGTERM, &sa, NULL);
+#ifdef SIGXCPU
 	sigaction(SIGXCPU, &sa, NULL);
+#endif
 
 	sa.sa_handler = SIG_IGN;
+#ifdef SIGPIPE
 	sigaction(SIGPIPE, &sa, NULL);
+#endif
     }
 #else
     signal(SIGINT, sigterm);
     signal(SIGTERM, sigterm);
-#ifndef NO_SIGXCPU
+#ifdef SIGXCPU
     signal(SIGXCPU, sigterm);
 #endif
-#ifndef NO_SIGPIPE
+#ifdef SIGPIPE
     signal(SIGPIPE, SIG_IGN);
 #endif
 #endif

kdc/pkinit.c

@@ -1945,12 +1945,12 @@ load_mappings(krb5_context context, const char *fn)
  */
 
 krb5_error_code
-_kdc_pk_initialize(krb5_context context,
-		   krb5_kdc_configuration *config,
-		   const char *user_id,
-		   const char *anchors,
-		   char **pool,
-		   char **revoke_list)
+krb5_kdc_pk_initialize(krb5_context context,
+		       krb5_kdc_configuration *config,
+		       const char *user_id,
+		       const char *anchors,
+		       char **pool,
+		       char **revoke_list)
 {
     const char *file;
     char *fn = NULL;

kdc/version-script.map

@@ -13,6 +13,7 @@ HEIMDAL_KDC_1.0 {
 		krb5_kdc_process_request;
 		krb5_kdc_save_request;
 		krb5_kdc_update_time;
+		krb5_kdc_pk_initialize;
 	local:
 		*;
 };